/*
 * sniffex.c
 *
 * Sniffer example of TCP/IP packet capture using libpcap.
 * 
 * Version 0.1.1 (2005-07-05)
 * Copyright (c) 2005 The Tcpdump Group
 *
 * This software is intended to be used as a practical example and 
 * demonstration of the libpcap library; available at:
 * http://www.tcpdump.org/
 *
 ****************************************************************************
 *
 * This software is a modification of Tim Carstens' "sniffer.c"
 * demonstration source code, released as follows:
 * 
 * sniffer.c
 * Copyright (c) 2002 Tim Carstens
 * 2002-01-07
 * Demonstration of using libpcap
 * timcarst -at- yahoo -dot- com
 * 
 * "sniffer.c" is distributed under these terms:
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The name "Tim Carstens" may not be used to endorse or promote
 *    products derived from this software without prior written permission
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * <end of "sniffer.c" terms>
 *
 * This software, "sniffex.c", is a derivative work of "sniffer.c" and is
 * covered by the following terms:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Because this is a derivative work, you must comply with the "sniffer.c"
 *    terms reproduced above.
 * 2. Redistributions of source code must retain the Tcpdump Group copyright
 *    notice at the top of this source file, this list of conditions and the
 *    following disclaimer.
 * 3. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. The names "tcpdump" or "libpcap" may not be used to endorse or promote
 *    products derived from this software without prior written permission.
 *
 * THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM.
 * BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 * FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 * OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 * PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 * OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 * TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 * PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 * REPAIR OR CORRECTION.
 * 
 * IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 * WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
 * REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
 * INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
 * OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
 * TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
 * YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 * PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGES.
 * <end of "sniffex.c" terms>
 * 
 ****************************************************************************
 *
 * Below is an excerpt from an email from Guy Harris on the tcpdump-workers
 * mail list when someone asked, "How do I get the length of the TCP
 * payload?" Guy Harris' slightly snipped response (edited by him to
 * speak of the IPv4 header length and TCP data offset without referring
 * to bitfield structure members) is reproduced below:
 * 
 * The Ethernet size is always 14 bytes.
 * 
 * <snip>...</snip>
 *
 * In fact, you *MUST* assume the Ethernet header is 14 bytes, *and*, if 
 * you're using structures, you must use structures where the members 
 * always have the same size on all platforms, because the sizes of the 
 * fields in Ethernet - and IP, and TCP, and... - headers are defined by 
 * the protocol specification, not by the way a particular platform's C 
 * compiler works.)
 *
 * The IP header size, in bytes, is the value of the IP header length,
 * as extracted from the "ip_vhl" field of "struct sniff_ip" with
 * the "IP_HL()" macro, times 4 ("times 4" because it's in units of
 * 4-byte words).  If that value is less than 20 - i.e., if the value
 * extracted with "IP_HL()" is less than 5 - you have a malformed
 * IP datagram.
 *
 * The TCP header size, in bytes, is the value of the TCP data offset,
 * as extracted from the "th_offx2" field of "struct sniff_tcp" with
 * the "TH_OFF()" macro, times 4 (for the same reason - 4-byte words).
 * If that value is less than 20 - i.e., if the value extracted with
 * "TH_OFF()" is less than 5 - you have a malformed TCP segment.
 *
 * So, to find the IP header in an Ethernet packet, look 14 bytes after 
 * the beginning of the packet data.  To find the TCP header, look 
 * "IP_HL(ip)*4" bytes after the beginning of the IP header.  To find the
 * TCP payload, look "TH_OFF(tcp)*4" bytes after the beginning of the TCP
 * header.
 * 
 * To find out how much payload there is:
 *
 * Take the IP *total* length field - "ip_len" in "struct sniff_ip" 
 * - and, first, check whether it's less than "IP_HL(ip)*4" (after
 * you've checked whether "IP_HL(ip)" is >= 5).  If it is, you have
 * a malformed IP datagram.
 *
 * Otherwise, subtract "IP_HL(ip)*4" from it; that gives you the length
 * of the TCP segment, including the TCP header.  If that's less than
 * "TH_OFF(tcp)*4" (after you've checked whether "TH_OFF(tcp)" is >= 5),
 * you have a malformed TCP segment.
 *
 * Otherwise, subtract "TH_OFF(tcp)*4" from it; that gives you the
 * length of the TCP payload.
 *
 * Note that you also need to make sure that you don't go past the end 
 * of the captured data in the packet - you might, for example, have a 
 * 15-byte Ethernet packet that claims to contain an IP datagram, but if 
 * it's 15 bytes, it has only one byte of Ethernet payload, which is too 
 * small for an IP header.  The length of the captured data is given in 
 * the "caplen" field in the "struct pcap_pkthdr"; it might be less than 
 * the length of the packet, if you're capturing with a snapshot length 
 * other than a value >= the maximum packet size.
 * <end of response>
 * 
 ****************************************************************************
 * 
 * Example compiler command-line for GCC:
 *   gcc -Wall -o sniffex sniffex.c -lpcap
 * 
 ****************************************************************************
 *
 * Code Comments
 *
 * This section contains additional information and explanations regarding
 * comments in the source code. It serves as documentaion and rationale
 * for why the code is written as it is without hindering readability, as it
 * might if it were placed along with the actual code inline. References in
 * the code appear as footnote notation (e.g. [1]).
 *
 * 1. Ethernet headers are always exactly 14 bytes, so we define this
 * explicitly with "#define". Since some compilers might pad structures to a
 * multiple of 4 bytes - some versions of GCC for ARM may do this -
 * "sizeof (struct sniff_ethernet)" isn't used.
 * 
 * 2. Check the link-layer type of the device that's being opened to make
 * sure it's Ethernet, since that's all we handle in this example. Other
 * link-layer types may have different length headers (see [1]).
 *
 * 3. This is the filter expression that tells libpcap which packets we're
 * interested in (i.e. which packets to capture). Since this source example
 * focuses on IP and TCP, we use the expression "ip", so we know we'll only
 * encounter IP packets. The capture filter syntax, along with some
 * examples, is documented in the tcpdump man page under "expression."
 * Below are a few simple examples:
 *
 * Expression			Description
 * ----------			-----------
 * ip					Capture all IP packets.
 * tcp					Capture only TCP packets.
 * tcp port 80			Capture only TCP packets with a port equal to 80.
 * ip host 10.1.2.3		Capture all IP packets to or from host 10.1.2.3.
 *
 ****************************************************************************
 *
 */

#define APP_NAME		"sniffex"
#define APP_DESC		"Sniffer example using libpcap"
#define APP_COPYRIGHT	"Copyright (c) 2005 The Tcpdump Group"
#define APP_DISCLAIMER	"THERE IS ABSOLUTELY NO WARRANTY FOR THIS PROGRAM."

#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ether.h>
#include <netinet/ip_icmp.h>
#include <arpa/inet.h>

#include "ether.h"
#include "ip_arp.h"
#include "ip.h"
#include "tcp.h"
#include "udp.h"
#include "icmp.h"
#include "netsimul.h"

const tok_t ethertype_values[] = {
    {ETHERTYPE_IP,          "IPv4"},
    {ETHERTYPE_ARP,         "ARP"},
    {ETHERTYPE_REVARP,      "RARP"},
    {ETHERTYPE_IPV6,        "IPv6"},
    {ETHERTYPE_LOOPBACK,    "Loopback"},
    {0, NULL}
};

const tok_t icmptype_values[] = {
    {ICMP_ECHOREPLY          , "Echo Reply"},      
    {ICMP_DEST_UNREACH       , "Destination Unreachable"},      
    {ICMP_SOURCE_QUENCH      , "Source Quench"},      
    {ICMP_REDIRECT           , "Redirect (change route)"},      
    {ICMP_ECHO               , "Echo Request"},      
    {ICMP_TIME_EXCEEDED      , "Time Exceeded"},      
    {ICMP_PARAMETERPROB      , "Parameter Problem"},      
    {ICMP_TIMESTAMP          , "Timestamp Request"},      
    {ICMP_TIMESTAMPREPLY     , "Timestamp Reply"},      
    {ICMP_INFO_REQUEST       , "Information Request"},      
    {ICMP_INFO_REPLY         , "Information Reply"},      
    {ICMP_ADDRESS            , "Address Mask Request"},      
    {ICMP_ADDRESSREPLY       , "Address Mask Reply"},      
    {0, NULL}
};

const tok_t icmpcode_values[] = {
    {0, NULL}
};

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);

void
print_payload(const u_char *payload, int len);

void
print_hex_ascii_line(const u_char *payload, int len, int offset);

void
print_app_banner(void);

void
print_app_usage(void);

void print_ether(const struct sniff_ethernet * ethernet);

void print_arp(const struct sniff_arp * arp);

const char * tok2str(const tok_t * tokp,
        const char * default_msg,
        int v)
{

    static char buf[SIZE_TOK_BUF];

    if(tokp != NULL) {
        while(tokp->s != NULL) {
            if(tokp->v == v)
                return tokp->s;
            else 
                ++tokp;
        }
    }

    snprintf(buf, SIZE_TOK_BUF, "%s", default_msg);
    return (const char *)buf;
}

/*
 * app name/banner
 */
void
print_app_banner(void)
{

	printf("%s - %s\n", APP_NAME, APP_DESC);
	printf("%s\n", APP_COPYRIGHT);
	printf("%s\n", APP_DISCLAIMER);
	printf("\n");

return;
}

/*
 * print help text
 */
void
print_app_usage(void)
{

	printf("Usage: %s [interface]\n", APP_NAME);
	printf("\n");
	printf("Options:\n");
	printf("    interface    Listen on <interface> for packets.\n");
	printf("\n");

return;
}

/*
 * print data in rows of 16 bytes: offset   hex   ascii
 *
 * 00000   47 45 54 20 2f 20 48 54  54 50 2f 31 2e 31 0d 0a   GET / HTTP/1.1..
 */
void
print_hex_ascii_line(const u_char *payload, int len, int offset)
{

	int i;
	int gap;
	const u_char *ch;

	/* offset */
	printf("%05d   ", offset);
	
	/* hex */
	ch = payload;
	for(i = 0; i < len; i++) {
		printf("%02x ", *ch);
		ch++;
		/* print extra space after 8th byte for visual aid */
		if (i == 7)
			printf(" ");
	}
	/* print space to handle line less than 8 bytes */
	if (len < 8)
		printf(" ");
	
	/* fill hex gap with spaces if not full line */
	if (len < 16) {
		gap = 16 - len;
		for (i = 0; i < gap; i++) {
			printf("   ");
		}
	}
	printf("   ");
	
	/* ascii (if printable) */
	ch = payload;
	for(i = 0; i < len; i++) {
		if (isprint(*ch))
			printf("%c", *ch);
		else
			printf(".");
		ch++;
	}

	printf("\n");

return;
}

/*
 * print packet payload data (avoid printing binary data)
 */
void
print_payload(const u_char *payload, int len)
{

	int len_rem = len;
	int line_width = 16;			/* number of bytes per line */
	int line_len;
	int offset = 0;					/* zero-based offset counter */
	const u_char *ch = payload;

	if (len <= 0)
		return;

	/* data fits on one line */
	if (len <= line_width) {
		print_hex_ascii_line(ch, len, offset);
		return;
	}

	/* data spans multiple lines */
	for ( ;; ) {
		/* compute current line length */
		line_len = line_width % len_rem;
		/* print line */
		print_hex_ascii_line(ch, line_len, offset);
		/* compute total remaining */
		len_rem = len_rem - line_len;
		/* shift pointer to remaining bytes to print */
		ch = ch + line_len;
		/* add offset */
		offset = offset + line_width;
		/* check if we have line width chars or less */
		if (len_rem <= line_width) {
			/* print last line and get out */
			print_hex_ascii_line(ch, len_rem, offset);
			break;
		}
	}

return;
}

/*
 * Print ethernet structure informations
 *
 * Append by BDG, Wed 08 Nov 2017 10:56:22 
 * */
void print_ether(const struct sniff_ethernet * ethernet)
{

    u_short ether_type = 0;                 // Ethertype value

    const char * etherstr = NULL;           // Ethertype string

    // Ether dst & src
    char dst[MAC_ASCII_LEN], src[MAC_ASCII_LEN], *tmp = NULL;          
    
    ether_type = ntohs(ethernet->ether_type);
    printf("Network Layer Protocol: %s (%4X)", tok2str(ethertype_values, "Unknown", ether_type),ether_type );

    /*etherstr = get_ethertype_by_value(ether_type);*/
    /*if(etherstr != NULL) {*/
        /*printf("%s", etherstr);*/
    /*}*/
    /*else {*/
        /*printf("Unknown(%0004X)", ether_type);*/
    /*}*/
    /*
     * The ether_ntoa() function converts the Ethernet host address addr given in network byte order to a string
     * in standard hex-digits-and-colons notation, omitting leading zeros. The string is returned in a statically
     * allocated buffer, which subsequent calls will overwrite.
     * */
    tmp = ether_ntoa((const struct ether_addr*)&ethernet->ether_dhost);
    strncpy(dst, tmp, MAC_ASCII_LEN);
    tmp = ether_ntoa((const struct ether_addr*)&ethernet->ether_shost);
    strncpy(src, tmp, MAC_ASCII_LEN);
    printf("\n     Source: %s\nDestination: %s\n", src, dst);

}

/*
 * Print ARP header
 * */
void print_arp(const struct sniff_arp * arp)
{

    int i;

    printf("Hardware type: %s\n", ((ntohs(arp->htype) == 1) ? "Ethernet" : "Unknown"));
    printf("Protocol type: %s\n", ((ntohs(arp->ptype) == 0x0800) ? "IPv4" : "Unknown"));
    printf("Operation: %s\n", ((ntohs(arp->oper) == ARPOP_REQUEST) ? "ARP Request" : "ARP Reply"));

    //If is Ethernet and IPv4, print packet contents
    if( ntohs(arp->htype) == 1 && ntohs(arp->ptype) == 0x0800) {
        printf("Sender MAC: ");
        for(i=0; i<6 ; ++i)
            printf("%02X:", arp->sha[i]);
        printf("\nSender IP: ");
        struct in_addr spa; 
        spa.s_addr = arp->spa;
        printf("%s", inet_ntoa(spa));
        /*for(i=0; i<4 ; ++i)*/
            /*printf("%d.", arp->spa[i]);*/
        printf("\nTarget MAC: ");
        for(i=0; i<6 ; ++i)
            printf("%02X:", arp->tha[i]);
        printf("\nTarget IP: ");
        struct in_addr tpa;
        tpa.s_addr = arp->tpa;
        printf("%s", inet_ntoa(tpa));
        /*for(i=0; i<4 ; ++i)*/
            /*printf("%d.", arp->tpa[i]);*/
        printf("\n");
    }

}

void print_tcp(const struct sniff_tcp * tcp, 
        const struct sniff_ip * ip,
        const u_char * packet)
{

    const char *payload;                    /* Packet payload */

    int size_ip = IP_HL(ip)*4;
    int size_tcp = TH_OFF(tcp)*4;
    int size_payload;

    printf("   Src port: %d\n", ntohs(tcp->th_sport));
    printf("   Dst port: %d\n", ntohs(tcp->th_dport));
    
    /* define/compute tcp payload (segment) offset */
    //payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
    payload = (const char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
    
    /* compute tcp payload (segment) size */
    size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);
    
    /*
     * Print payload data; it might be binary, so don't just
     * treat it as a string.
     */
    printf("   Payload (%d bytes):\n", size_payload);
    if (size_payload > 0) {
            /*printf("   Payload (%d bytes):\n", size_payload);*/
            //print_payload(payload, size_payload);
    	print_payload((const unsigned char*)payload, size_payload);
    }

}

void print_udp(const struct sniff_udp * udp,
        const struct sniff_ip * ip,
        const u_char * packet)
{

    const char * payload;

    int size_ip = IP_HL(ip)*4;
    int size_udp = 8;
    int size_payload;

    printf("    Src port: %d\n", ntohs(udp->uh_sport));
    printf("    Dst port: %d\n", ntohs(udp->uh_dport));

    //payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_udp);
    payload = (const char *)(packet + SIZE_ETHERNET + size_ip + size_udp);

    size_payload = ntohs(udp->uh_len) - size_udp;

    printf("    Payload (%d bytes):\n", size_payload);
    if(size_payload > 0) {
        //print_payload(payload, size_payload);
        print_payload((const u_char*)payload, size_payload);
    }

}

void print_icmp(const struct sniff_icmp * icmp,
        const struct sniff_ip * ip,
        const u_char * packet)
{

    uint8_t type;
    uint8_t code;

    type = icmp->icmp_type;
    printf("Message Type: %s (%d)\n", tok2str(icmptype_values, "Unknown", type), type); 

    code = icmp->icmp_code;
    printf("Message Code: %s (%d)\n", tok2str(icmpcode_values, "Unknown", code), code); 

}

/*
 * Handle ARP header
 * */
void handle_arp(const struct sniff_arp * arp)
{

    print_arp(arp);

}

/*
 * Handle IP datagram
 * */
void handle_ip(const struct sniff_ip * ip,
        const struct pcap_pkthdr * header,
        const u_char * packet)
{

    const struct sniff_tcp *tcp;            /* The TCP header */
    const struct sniff_udp *udp;            /* The UDP header */
    const struct sniff_icmp *icmp;          /* The ICMP header */
    const char *payload;                    /* Packet payload */

    int size_ip = IP_HL(ip)*4;
    int size_tcp;
    int size_udp;
    int size_payload;

    /* print source and destination IP addresses */
    printf("       From: %s\n", inet_ntoa(ip->ip_src));
    printf("         To: %s\n", inet_ntoa(ip->ip_dst));
    
    /* determine protocol */	
    switch(ip->ip_p) {
    	case IPPROTO_TCP:
    		printf("   Protocol: TCP\n");
                /* define/compute tcp header offset */
                tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
                size_tcp = TH_OFF(tcp)*4;
                if (size_tcp < 20) {
                    printf("   * Invalid TCP header length: %u bytes\n", size_tcp);
                }
                else {
                    print_tcp(tcp, ip, packet);
                }
    		break;
    	case IPPROTO_UDP:
    		printf("   Protocol: UDP\n");
                udp = (const udphdr_t*)(packet + SIZE_ETHERNET + size_ip);
                print_udp(udp, ip, packet);
    		return;
    	case IPPROTO_ICMP:
    		printf("   Protocol: ICMP\n");
                icmp = (const icmphdr_t *)(packet + SIZE_ETHERNET + size_ip);
                print_icmp(icmp, ip, packet);
    		break;
    	case IPPROTO_IP:
    		printf("   Protocol: IP\n");
    		return;
    	default:
    		printf("   Protocol: unknown\n");
    		return;
    }
    
}

/* 
 * Handle ethernet packet
 * */
void handle_ether(const struct sniff_ethernet * ethernet,
        const struct pcap_pkthdr * header,
        const u_char * packet)
{

    const struct sniff_arp *arp;            /* The ARP header */
    const struct sniff_ip *ip;              /* The IP header */

    int size_ip;

    u_short ether_type;
	
    /* Print ethernet informations */
    print_ether(ethernet);

    /* Handle packet according to ether_type */
    ether_type = ntohs(ethernet->ether_type);
    switch(ether_type) {
        case ETHERTYPE_ARP: {
                                arp = (const struct sniff_arp*)(packet + SIZE_ETHERNET);
                                handle_arp(arp);
                                break;
                            }
        case ETHERTYPE_REVARP: { break; }
        case ETHERTYPE_IP: {
                                /* define/compute ip header offset */
                                ip = (const struct sniff_ip*)(packet + SIZE_ETHERNET);
                                size_ip = IP_HL(ip)*4;
                                if (size_ip < 20) {
                                    printf("   * Invalid IP header length: %u bytes\n", size_ip);
                                }
                                else {
                                    handle_ip(ip, header, packet);
                                }
                                break;
                           }
        case ETHERTYPE_IPV6: { break; }
        case ETHERTYPE_LOOPBACK: { break; }
        default:
                                 break;
    }
	
    /*ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);*/
    /*size_ip = IP_HL(ip)*4;*/
    /*if (size_ip < 20) {*/
            /*printf("   * Invalid IP header length: %u bytes\n", size_ip);*/
            /*return;*/
    /*}*/

}

/*
 * dissect/print packet
 */
void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{

	static int count = 1;                   /* packet counter */

	/* declare pointers to packet headers */
	const struct sniff_ethernet *ethernet;  /* The ethernet header [1] */

	printf("\nPacket number %d:\n", count);
	printf("Packet len: %d\n", header->len);
	count++;
	
	/* define ethernet header */
	ethernet = (struct sniff_ethernet*)(packet);

        handle_ether(ethernet, header, packet);

return;
}

int main(int argc, char **argv)
{

	char *dev = NULL;			/* capture device name */
	char errbuf[PCAP_ERRBUF_SIZE];		/* error buffer */
	pcap_t *handle;				/* packet capture handle */

        char filter_exp[] = "arp";		/* filter expression [3] */
	/*char filter_exp[] = "";		[> filter expression [3] <]*/
	struct bpf_program fp;			/* compiled filter program (expression) */
	bpf_u_int32 mask;			/* subnet mask */
	bpf_u_int32 net;			/* ip */
	int num_packets = 10;			/* number of packets to capture */

	print_app_banner();

	/* check for capture device name on command-line */
	if (argc == 2) {
		dev = argv[1];
	}
	else if (argc > 2) {
		fprintf(stderr, "error: unrecognized command-line options\n\n");
		print_app_usage();
		exit(EXIT_FAILURE);
	}
	else {
		/* find a capture device if not specified on command-line */
		dev = pcap_lookupdev(errbuf);
		if (dev == NULL) {
			fprintf(stderr, "Couldn't find default device: %s\n",
			    errbuf);
			exit(EXIT_FAILURE);
		}
	}
	
	/* get network number and mask associated with capture device */
	if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
		fprintf(stderr, "Couldn't get netmask for device %s: %s\n",
		    dev, errbuf);
		net = 0;
		mask = 0;
	}

	/* print capture info */
	printf("Device: %s\n", dev);
	printf("Number of packets: %d\n", num_packets);
	printf("Filter expression: %s\n", filter_exp);

	/* open capture device */
	handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
	if (handle == NULL) {
		fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
		exit(EXIT_FAILURE);
	}

	/* make sure we're capturing on an Ethernet device [2] */
	if (pcap_datalink(handle) != DLT_EN10MB) {
		fprintf(stderr, "%s is not an Ethernet\n", dev);
		exit(EXIT_FAILURE);
	}

	/* compile the filter expression */
	if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
		fprintf(stderr, "Couldn't parse filter %s: %s\n",
		    filter_exp, pcap_geterr(handle));
		exit(EXIT_FAILURE);
	}

	/* apply the compiled filter */
	if (pcap_setfilter(handle, &fp) == -1) {
		fprintf(stderr, "Couldn't install filter %s: %s\n",
		    filter_exp, pcap_geterr(handle));
		exit(EXIT_FAILURE);
	}

	/* now we can set our callback function */
	pcap_loop(handle, num_packets, got_packet, NULL);

	/* cleanup */
	pcap_freecode(&fp);
	pcap_close(handle);

	printf("\nCapture complete.\n");

return 0;
}

